question

GlennMaxwell-2309 avatar image
3 Votes"
GlennMaxwell-2309 asked RieraE-1873 commented

App Registration vs Enterprise Applications

Hi All

What is the major differences between Azure App Registration and Enterprise Applications. what i see is that with enterprise application we can integrate with other companies.

azure-app-configuration
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

soumi-MSFT avatar image
6 Votes"
soumi-MSFT answered RieraE-1873 commented

Hello @GlennMaxwell-2309, thank you for reaching out. All applications that get registered in AAD, in the tenant, two types of objects get created once the app registration is done.

  • Application Object

  • Service Principal Object

The Application Object is what you see under App Registrations in AAD. This object acts as the template where you can go ahead and configure various things like API Permissions, Client Secrets, Branding, App Roles, etc. All these customizations that you make to your app, get written to the app manifest file. The application object describes three aspects of an application: how the service can issue tokens in order to access the application, resources that the application might need to access, and the actions that the application can take.

The Service Principal Object is what you see under the Enterprise Registration blade in AAD. Every Application Object (created through the Azure Portal or using the Microsoft Graph APIs, or AzureAD PS Module) would create a corresponding Service Principal Object in the Enterprise Registration blade of AAD. A service principal is a concrete instance created from the application object and inherits certain properties from that application object. A service principal is created in each tenant where the application is used and references the globally unique app object. The service principal object defines what the app can actually do in the specific tenant, who can access the app, and what resources the app can access.

Similar to a class in object-oriented programming, the application object has some static properties that are applied to all the created service principals (or application instances).

You can read more on the following objects here: https://docs.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals

Hope this helps.

Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as an Answer; if the above response helped in answering your query.


· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@soumi-MSFT , There is no possibility to add the user as Contributor role to this Enterprise Application ?

All I can see is just the Owners role.

0 Votes 0 ·

What is the reason for calling "Enterprise Applications" to Service Principal Objects? And why Application Objects are called "App Registrations"? I find the names quite confusing...

And the explanation is nice but for instance, when you said "how the service can issue tokens in order to access the application" it is not clear to me to which service are you referring to. I should guess "the service" is "AAD", isn't it?

I find confusing this other statement "All these customizations that you make to your app, get written to the app manifest file." To which app are you refering to? You mean the "App Registration row"? Or you mean whatever app I have opened in Visual Studio Code that at some point it would use this "App Registration row" in order to consume M365/Azure services?

0 Votes 0 ·
RuslanBabayev-0770 avatar image
0 Votes"
RuslanBabayev-0770 answered

Wow, brilliant explanation. Finally, i see a detailed and straight to the point explanation.

Thank you,

Ruslan

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.